Fractal Weyl law for Linux Kernel Architecture

We study the properties of spectrum and eigenstates of the Google matrix of a directed network formed by the procedure calls in the Linux Kernel. Our results obtained for various versions of the Linux Kernel show that the spectrum is characterized by the fractal Weyl law established recently for systems of quantum chaotic scattering and the Perron-Frobenius operators of dynamical maps. The fractal Weyl exponent is found to be $\nu \approx 0.63$ that corresponds to the fractal dimension of the network $d \approx 1.2$. The eigenmodes of the Google matrix of Linux Kernel are localized on certain principal nodes. We argue that the fractal Weyl law should be generic for directed networks with the fractal dimension $d<2$.Comment: RevTex 6 pages, 7 figs, linked to arXiv:1003.5455[cs.SE]. Research at http://www.quantware.ups-tlse.fr/, Improved version, changed forma

Linux Kernel Memory Safety

Linux kernel vulnerabilities are often long lived and in some cases challenging to patch after discovery. The current focus in upstream Linux security has therefore been on categorical protections against whole error classes, not only reactive patching of specific vulnerabilities. Our work contributes to these efforts by tackling memory errors in the Linux kernel from two different fronts. First, we contributed to the upstream Linux kernel by working on a mechanism to prevent use-after-free errors caused by reference counter overflows. Second, we explored the applicability of Intel MPX as a general mechanism to prevent spatial memory errors in the Linux kernel

Linux kernel compaction through cold code swapping

There is a growing trend to use general-purpose operating systems like Linux in embedded systems. Previous research focused on using compaction and specialization techniques to adapt a general-purpose OS to the memory-constrained environment, presented by most, embedded systems. However, there is still room for improvement: it has been shown that even after application of the aforementioned techniques more than 50% of the kernel code remains unexecuted under normal system operation. We introduce a new technique that reduces the Linux kernel code memory footprint, through on-demand code loading of infrequently executed code, for systems that support virtual memory. In this paper, we describe our general approach, and we study code placement algorithms to minimize the performance impact of the code loading. A code, size reduction of 68% is achieved, with a 2.2% execution speedup of the system-mode execution time, for a case study based on the MediaBench II benchmark suite

Proceedings of Seminar on Network Protocols in Operating Systems

The Linux networking stack tends to evolve rapidly, and while there are some excellent documentation written in the past, most of the past documentation gotten (at least partially) outdated over time. The seminar on Network Protocols in Operating Systems was arranged in Aalto University, fall 2012, Department of Communications and Networking to gain a better understanding of the current status of the networking implementation in the Linux kernel. The seminar had 10 participants and each participant was assigned a module from the Linux networking implementation, on which a short paper was to be written. This publications contain the final output of this work. The papers included in the publication are: Kurnikov, Arseny: Linux kernel application interface. Jaakkola, Antti: Implementation of transmission control protocol in Linux. Arianfar, Somaya: TCP’s congestion control implementation in Linux kernel. Budigere, Karthik: Linux implementation study of stream control transmission protocol. Khattak, Fida Ullah: The IPv4 implementation of Linux kernel stack. Boye, Magnus: Netfilter connection tracking and NAT implementation. Korhonen, Jouni: Mobile IPv6 Linux kernel and user space. Soininen, Jonne: Device agnostic network interface. Kalliola, Aapo: Network device drivers in Linux. Varis, Nuutti: Anatomy of a Linux bridge

Hijacking the Linux Kernel

In this paper, a new method of hijacking the Linux kernel is presented. It is based on analysing the Linux system call handler, where a proper set of instructions is subsequently replaced by a jump to a different function. The ability to change the execution flow in the middle of an existing function represents a unique approach in Linux kernel hacking. The attack is applicable to all kernels from the 2.6 series on the Intel architecture. Due to this, rootkits based on this kind of technique represent a high risk for Linux administrators

Comparison of Fault Simulation Over Custom Kernel Module Using Various Techniques

To test the behavior of the Linux kernel module, device drivers and file system in a faulty situation, scientists tried to inject faults in different artificial environments. Since the rarity and unpredictability of such events are pretty high, thus the localization and detection of Linux kernel, device drivers, file system modules errors become unfathomable. ‘Artificial introduction of some random faults during normal tests’ is the only known approach to such mystifying problems. A standard method for performing such experiments is to generate synthetic faults and study the effects. Various fault injection frameworks have been analyzed over the Linux kernel to simulate such detection. The following paper highlights the comparison of different approaches and techniques used for such fault injection to test Linux kernel modules that include simulating low resource conditions and detecting memory leaks. The frameworks chosen to be used in these experiments are; Linux Text Project (LTP), KEDR, Linux Fault-Injection (LFI), and SCSI.&nbsp

Deductive Verification of Unmodified Linux Kernel Library Functions

This paper presents results from the development and evaluation of a deductive verification benchmark consisting of 26 unmodified Linux kernel library functions implementing conventional memory and string operations. The formal contract of the functions was extracted from their source code and was represented in the form of preconditions and postconditions. The correctness of 23 functions was completely proved using AstraVer toolset, although success for 11 functions was achieved using 2 new specification language constructs. Another 2 functions were proved after a minor modification of their source code, while the final one cannot be completely proved using the existing memory model. The benchmark can be used for the testing and evaluation of deductive verification tools and as a starting point for verifying other parts of the Linux kernel.Comment: 18 pages, 2 tables, 6 listings. Accepted to ISoLA 2018 conference. Evaluating Tools for Software Verification trac